1 files changed, 31 insertions, 0 deletions

diff --git a/net-p2p/bitcoind/files/0.9-openssl-101k.patch b/net-p2p/bitcoind/files/0.9-openssl-101k.patch
new file mode 100644
index 000000000000..80f64887425b
--- /dev/null
+++ b/net-p2p/bitcoind/files/0.9-openssl-101k.patch
@@ -0,0 +1,31 @@
+diff --git a/src/key.cpp b/src/key.cpp
+index 5b261bb..a845ba1 100644
+--- a/src/key.cpp
++++ b/src/key.cpp
+@@ -227,10 +227,23 @@ public:
+     }
+ 
+     bool Verify(const uint256 &hash, const std::vector<unsigned char>& vchSig) {
+-        // -1 = error, 0 = bad sig, 1 = good
+-        if (ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), &vchSig[0], vchSig.size(), pkey) != 1)
++        if (vchSig.empty())
+             return false;
+-        return true;
++
++        // New versions of OpenSSL will reject non-canonical DER signatures. de/re-serialize first.
++        unsigned char *norm_der = NULL;
++        ECDSA_SIG *norm_sig = ECDSA_SIG_new();
++        const unsigned char* sigptr = &vchSig[0];
++        d2i_ECDSA_SIG(&norm_sig, &sigptr, vchSig.size());
++        int derlen = i2d_ECDSA_SIG(norm_sig, &norm_der);
++        ECDSA_SIG_free(norm_sig);
++        if (derlen <= 0)
++            return false;
++
++        // -1 = error, 0 = bad sig, 1 = good
++        bool ret = ECDSA_verify(0, (unsigned char*)&hash, sizeof(hash), norm_der, derlen, pkey) == 1;
++        OPENSSL_free(norm_der);
++        return ret;
+     }
+ 
+     bool SignCompact(const uint256 &hash, unsigned char *p64, int &rec) {